Session time out

**Asterius** · 26/03/2010, 00h16

Bonjour,

J'ai un soucis un peu bizarre avec le time-out dans mon application :
Quand une session se termine, et que l'utilisateur clique sur un lien, il est redirigé correctement sur la page de login. Par contre, une fois qu'il veut se reconnecter, paf, on obtient le crash suivant :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
javax.servlet.ServletException
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:256)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
cause mère 
java.lang.NullPointerException
    com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:191)
    com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:266)
    com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:132)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
    org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
    org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

Je ne comprend pas à quoi c'est du, ni comment corriger ce soucis. Peut-être est-ce quelque chose que j'aurais mal configuré dans spring security? Voici ma config à tout hasard :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
    <http entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern="/css/**" filters="none" />
        <intercept-url pattern="/img/**" filters="none" />
        <intercept-url pattern="/upload/**" filters="none" />
        <intercept-url pattern="/js/**" filters="none" />
        <intercept-url pattern="/a4j/**" filters="none" />
        <intercept-url pattern="/log*" filters="none" /> <!-- Login / logout -->
        <intercept-url pattern="/j_spring*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/pages/admin/**" access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR" />
        <intercept-url pattern="/pages/site/**" access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR" />
        <intercept-url pattern="/pages/**" access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR,ROLE_MANAGER" />
        <intercept-url pattern="/**" access="ROLE_DEVELOPER" />
        <anonymous />
        <http-basic />
    </http>
 
    <!-- Authentication : user our own UserDetailsService implementation -->
 
    <authentication-manager alias="authenticationManager" /> <!-- Allow other beans to point to authentication manager -->
 
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder hash="sha">
            <salt-source user-property="salt"/>
        </password-encoder>
    </authentication-provider>
 
    <beans:bean id="userDetailsService" class="mypackage.security.UserDetailsServiceImpl" autowire="byName"/>
 
    <beans:bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>
 
    <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> 
        <beans:property name="loginFormUrl" value="/login.html" /> 
        <beans:property name="forceHttps" value="false" /> 
    </beans:bean> 
 
    <!-- Custom authentication filter to allow doing some other business logic when a user logs in (via login form) -->  
 
    <beans:bean id="authenticationFilter" class="mypackage.security.CustomAuthenticationProcessingFilter" autowire="byName">  
        <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/><!-- Override the default one -->
        <beans:property name="authenticationManager" ref="authenticationManager" /> 
        <beans:property name="authenticationFailureUrl" value="/login.html?login_error=1" /> 
        <beans:property name="defaultTargetUrl" value="/pages/home.html" />
        <beans:property name="alwaysUseDefaultTargetUrl" value="true" /> 
        <beans:property name="filterProcessesUrl" value="/j_spring_security_check" /> 
        <beans:property name="continueChainBeforeSuccessfulAuthentication" value="false" /> 
        <beans:property name="rememberMeServices" ref="rememberMeServices" /> 
    </beans:bean>
 
    <!-- Custom RememberMeProcessing filter to allow doing other business logic when a user logs in (via cookie)-->      
 
    <beans:bean id="rememberMeProcessingFilter" class="mypackage.security.CustomRememberMeProcessingFilter" autowire="byName"> 
      <custom-filter position="REMEMBER_ME_FILTER" /> <!-- Override the default one -->
      <beans:property name="rememberMeServices" ref="rememberMeServices"/> 
      <beans:property name="authenticationManager" ref="authenticationManager" /> 
    </beans:bean>  
 
    <beans:bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices"> 
        <beans:property name="userDetailsService" ref="userDetailsService" /> 
        <beans:property name="key" value="springRocks" /> 
    </beans:bean>
 
    <beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider"> 
      <!-- This ensures that remember-me is added as an authentication provider --> 
      <custom-authentication-provider /> 
      <beans:property name="key" value="springRocks"/> 
    </beans:bean> 
 
    <!-- Custom Logout filter to allow doing other business logic when a user logs out -->    
 
    <beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" autowire="byName"> 
        <custom-filter position="LOGOUT_FILTER" /> <!-- Override the default one -->
        <beans:constructor-arg value="/login.html" /> <!-- URL redirected to after logout -->
        <beans:constructor-arg> 
            <beans:list> 
                <beans:ref bean="rememberMeServices" /> 
                <!-- I add a bean here to perform some custom tasks when the user logs out --> 
                <beans:bean class="mypackage.security.CustomSecurityLogoutHandler"/> 
            </beans:list> 
        </beans:constructor-arg> 
    </beans:bean>  
 
    <beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />  
 
</beans:beans>

Merci pour votre aide!

Session time out

JSF Java

Discussions similaires

Partager

Partager